SHA256: afc83ed72cc2a4b02424a91d41c0c8e170c345cd1d0513ef17a7d87adf3212cb
File name: cpuminer.exe
Detection ratio: 1 / 56
Analysis date: 2015-08-11 14:23:25 UTC ( 3 years, 4 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win64/BitCoinMiner.AP potentially unsafe 20150811
Ad-Aware 20150811
AegisLab 20150811
Yandex 20150810
AhnLab-V3 20150811
Alibaba 20150803
ALYac 20150811
Antiy-AVL 20150811
Arcabit 20150811
Avast 20150811
AVG 20150811
Avira (no cloud) 20150811
AVware 20150811
Baidu-International 20150811
BitDefender 20150811
Bkav 20150811
ByteHero 20150811
CAT-QuickHeal 20150811
ClamAV 20150811
CMC 20150710
Comodo 20150811
Cyren 20150811
DrWeb 20150811
Emsisoft 20150811
F-Prot 20150811
F-Secure 20150811
Fortinet 20150811
GData 20150811
Ikarus 20150811
Jiangmin 20150810
K7AntiVirus 20150811
K7GW 20150811
Kaspersky 20150811
Kingsoft 20150811
Malwarebytes 20150811
McAfee 20150811
McAfee-GW-Edition 20150811
Microsoft 20150811
eScan 20150811
NANO-Antivirus 20150811
nProtect 20150811
Panda 20150811
Qihoo-360 20150811
Rising 20150811
Sophos AV 20150811
SUPERAntiSpyware 20150811
Symantec 20150811
Tencent 20150811
TheHacker 20150811
TrendMicro 20150811
TrendMicro-HouseCall 20150811
VBA32 20150811
VIPRE 20150811
ViRobot 20150811
Zillya 20150811
Zoner 20150810
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64-bit architectures.
FileVersionInfo properties
Copyright Copyright (C) 2015
Product cpuminer-multi
File version 1.1
PE header basic information
Target machine x64
Compilation timestamp 2015-08-11 02:46:06
Entry Point 0x00173370
Number of sections 9
PE sections
PE imports
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetLastError
FreeConsole
GetStdHandle
FlushConsoleInputBuffer
VerifyVersionInfoA
GetSystemInfo
FillConsoleOutputCharacterA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
SetConsoleTextAttribute
TlsAlloc
GetVersionExA
LoadLibraryA
DuplicateHandle
VerSetConditionMask
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
SetConsoleCtrlHandler
GetCurrentProcessId
ReleaseSemaphore
MultiByteToWideChar
SetEvent
SetProcessAffinityMask
WaitForMultipleObjects
GetConsoleScreenBufferInfo
GetThreadContext
GetCurrentThread
CreateSemaphoreA
TlsFree
GetModuleHandleA
FormatMessageA
TlsSetValue
CloseHandle
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetSystemDirectoryA
DecodePointer
ExpandEnvironmentStringsA
GetThreadPriority
SetPriorityClass
SetThreadContext
GlobalMemoryStatus
ResumeThread
ResetEvent
InitializeCriticalSection
SetLastError
GetConsoleWindow
CreateEventA
TlsGetValue
Sleep
GetFileType
GetTickCount
SetThreadPriority
GetCurrentThreadId
GetVersion
GetProcAddress
SleepEx
WriteConsoleW
LeaveCriticalSection
__sys_nerr
fseek
__timezone
fclose
_time64
strtoul
fflush
_getpid
_fmode
strtol
fputc
_ftime64
strtok
strtod
fwrite
fputs
_XcptFilter
isspace
_ftime64_s
_exit
_isatty
_difftime64
_wfopen
memcpy
strstr
memmove
signal
__crt_debugger_hook
_configthreadlocale
strcmp
memchr
strncmp
_splitpath_s
fgetc
memset
_stricmp
_setmode
_stat64i32
fgets
strchr
isxdigit
ftell
exit
sprintf
strrchr
_initterm_e
ferror
free
_dclass
__getmainargs
_gmtime64
_vsnprintf
_vacopy
_getch
isupper
rand
__daylight
realloc
_strtoi64
__dllonexit
toupper
fopen
strncpy
_cexit
raise
isalnum
qsort
_tzset
_onexit
isalpha
_snprintf
_commode
__setusermatherr
fread
strncat_s
__C_specific_handler
memcmp
getenv
atoi
vfprintf
atof
__crtUnhandledException
localeconv
__crtCaptureCurrentContext
_setjmp
_beginthreadex
strspn
_localtime64
_strnicmp
malloc
sscanf
__crtTerminateProcess
srand
fprintf
isdigit
strtoll
feof
_endthreadex
_amsg_exit
?terminate@@YAXXZ
_errno
_vscprintf
_lock
__initenv
_strdup
_fileno
longjmp
tolower
_unlock
wcsstr
strerror
calloc
_initterm
__crtCapturePreviousContext
__iob_func
_calloc_crt
__crtSetUnhandledExceptionFilter
_stat64
__set_app_type
GetDesktopWindow
ShowWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
getaddrinfo
htonl
shutdown
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getpeername
WSAGetLastError
getsockopt
closesocket
inet_addr
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
inet_ntoa
recv
WSAIoctl
setsockopt
socket
bind
WSASetLastError
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 3119616
EntryPoint 0x173370
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1.1
TimeStamp 2015:08:11 03:46:06+01:00
FileType Win64 EXE
PEType PE32+
ProductVersion 1.1
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2015
MachineType AMD AMD64
CodeSize 1518592
ProductName cpuminer-multi
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 81d19f67e1dd7a7903a5774b9c793725
SHA1 a4b7bd9fe6b89f45f42fd200ad8e232b3fca4574
SHA256 afc83ed72cc2a4b02424a91d41c0c8e170c345cd1d0513ef17a7d87adf3212cb
ssdeep 49152:KBl8M/VbHckJ2vEMOjm9ODRTwrGBGQTYRDNpq:KXV84R6DO
authentihash ab73f9dc0d4b0fc4e536371b1bee060c49f90974b0e07fc4cdbce68d8b4de844
imphash 2b396e475048a38c8706acc2da2321de
File size 4.4 MB ( 4611584 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly via-tor

VirusTotal metadata
First submission 2015-08-11 14:23:25 UTC ( 3 years, 4 months ago )
Last submission 2017-05-20 13:11:52 UTC ( 1 year, 7 months ago )
File names cpuminer.exe
md5hashd.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0813.
Symantec reputation Suspicious.Insight